Kubernetes - How to get the client IP behind a load balancer?

Tags: kubernetes nginx-ingress

How do I get the client IP from the nginx ingress load balancer? I have tried setting use proxy protocol and externalTrafficPolicy, but it still does not show the client IP.

Apache logs 10.0.0.225 for every HTTP request. I'm not sure what IP that is; it does not seem to be the pod's IP or a node IP.

httpd service:

apiVersion: v1
kind: Service
metadata:
  name: httpd
  labels:
    app: httpd-service
  namespace: test-web-dev
spec:
  type: NodePort
  selector:
    app: httpd
  ports:
    - name: port-80
      port: 80
      protocol: TCP
      targetPort: 80
    - name: port-443
      port: 443
      protocol: TCP
      targetPort: 443
  sessionAffinity: "ClientIP"
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  externalTrafficPolicy: Local

Ingress LB:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  use-proxy-protocol: 'true'
---
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https

In Apache, I have configured the following logging settings:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/ssl_access_log" combined env=!forwarded
CustomLog "logs/ssl_access_log" proxy env=forwarded

Best answer

You should get the original IP in the X-Forwarded-For header; this is the default configuration for nginx-ingress: forwarded-for-header

This is configured in the ConfigMap.

Regarding "Kubernetes - How to get the client IP behind a load balancer?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/65246834/
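An added example, not part of the original question or answer: X-Forwarded-For is an ordinary request header, so a backend that logs or authorizes on it should only accept hops appended by proxies it trusts. The sketch below resolves the client address by walking the header right to left. The trusted range `10.0.0.0/8` is an assumption made here so that the `10.0.0.225` peer from the question counts as the ingress hop, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the range the ingress controller / load balancer connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP address inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    peer_addr  -- TCP peer seen by the backend (what Apache logs as %h)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A peer outside the trusted set can send any header it likes: ignore it.
    if not is_trusted(peer_addr, trusted):
        return peer_addr

    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer_addr
    # Each trusted proxy appends the address it received the request from,
    # so the rightmost entries are the only ones that can be believed.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = hop
        if not is_trusted(hop, trusted):
            break  # first non-proxy address from the right is the client
    return candidate


if __name__ == "__main__":
    # Constructed sample: the client pre-set "1.2.3.4", the ingress appended the real peer.
    print(client_ip("10.0.0.225", "1.2.3.4, 203.0.113.7"))
```

Logging only the leftmost entry, or the whole header as the `%{X-Forwarded-For}i` format does, records whatever the client chose to send in front of the proxy-appended address.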
